
Memory Dump Analysis Anthology, Volume 7 by Dmitry Vostokov


Value Adding Process

This is a frequently observed pattern in terminal services environments: each session lists one or several processes that are not strictly required. They usually run to provide user experience enhancements. If the observed functional problems correspond to the purpose of these additional processes, we might want to eliminate them for testing and troubleshooting purposes.

0: kd> !sprocess 12
Dumping Session 12

_MM_SESSION_SPACE fffff8800e5d5000
_MMSESSION        fffff8800e5d5b40
PROCESS fffffa8008d50b30
    SessionId: 12  Cid: 0b04    Peb: 7fffffdc000  ParentCid: 1478
    DirBase: 6bb77000  ObjectTable: fffff8a003f280b0  HandleCount: 158.
    Image: csrss.exe

PROCESS fffffa80030c7060
    SessionId: 12  Cid: 1a48 ...
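One way to surface such processes from a saved debugger log, as an added example that is not from the book: it parses the PROCESS blocks of `!sprocess` output for several sessions and reports images present in every session but outside a required baseline. The baseline set, the helper names and the sample data (including `uxhelper.exe`) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumption: images required in every session; tune this per environment.
BASELINE = {"csrss.exe", "winlogon.exe"}
SESSION_RE = re.compile(r"SessionId:\s+(\S+)")
IMAGE_RE = re.compile(r"Image:\s+(\S+)")

def images_by_session(log_text):
    """Map session id -> set of lower-cased image names from PROCESS blocks."""
    sessions = defaultdict(set)
    current = None
    for line in log_text.splitlines():
        if line.lstrip().startswith("PROCESS "):
            current = None  # new block; a truncated previous block is dropped
        m = SESSION_RE.search(line)
        if m:
            current = m.group(1)
        m = IMAGE_RE.search(line)
        if m and current is not None:
            sessions[current].add(m.group(1).lower())
            current = None
    return dict(sessions)

def value_adding_candidates(log_text, baseline=BASELINE):
    """Images running in every session that are not in the required baseline."""
    per_session = images_by_session(log_text)
    if not per_session:
        return set()
    common = set.intersection(*per_session.values())
    return common - {name.lower() for name in baseline}

def _block(addr, sid, image):
    """Constructed PROCESS block holding only the fields the parser reads."""
    return f"PROCESS {addr:016x}\n    SessionId: {sid}  Cid: 0100\n    Image: {image}\n\n"

# Constructed sample, not taken from the dump above; uxhelper.exe is hypothetical.
SAMPLE = "".join(
    _block(0xFFFFFA8000000000 + i * 0x1000, sid, image)
    for i, (sid, image) in enumerate([
        (12, "csrss.exe"), (12, "winlogon.exe"), (12, "uxhelper.exe"), (12, "notepad.exe"),
        (13, "csrss.exe"), (13, "winlogon.exe"), (13, "UxHelper.exe"), (13, "calc.exe"),
    ])
) + "PROCESS fffffa8000009000\n    SessionId: 13  Cid: 1a48 ...\n"  # truncated block

if __name__ == "__main__":
    print(sorted(value_adding_candidates(SAMPLE)))
```

Images that appear in only one session are treated as user applications and are not reported.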
